Blog & News

Tech Essentials: The Most Popular Insights of 2018

2018 was a busy year in the cyber world; in particular, in the areas where we focus — messaging security, privacy compliance, e-delivery and e-sign productivity.

Our Tech Essentials educational email series has been distributed to more than 15 million business professionals in the United States and Europe, mainly to insurance, legal, investment, real estate, health care, and IT professionals.

We thought you might like to review the most-read tech tips and insights from our original 2018 editorials.

Creepy Tech and Eavesdropping
Alexa Controls Your House
Fake News will be Quaint

IT Risk and Compliance
Million Dollar Email
Eliminating Email Disputes, or Not

Hacker Insights
Not all TLS is Created Equal
Whaling and the Hacker Lottery

Most Read Published Report – Includes Email Encryption Comparison Charts
Email Encryption Market Considering Privacy Compliance

If you have not been receiving these tech tip emails, please CLICK HERE and our team will see if they can ensure you receive these important technical tips and trends emails so you can stay on top of this dynamically changing area of e-communications in the next year.

Happy New Year.

Zafar Khan
Chief Executive Officer, RPost
Tech Essentials Author

Try RMail at no cost, with no credit card needed (click for your Gmail or Outlook RMail app).

RPost Adds New Security Automation, APCC Top Choice

RPost simplifies total email security, now with a hosted security gateway solution. Customers, especially small businesses, have all of the email threats and compliance requirements of enterprises, but fewer IT staff and smaller tech budgets.

With RMail Security Gateway, now with full-service hosted options, business IT staff can simply change an email routing rule and all of their email will have market-leading threat protection, data leak prevention, and rules to trigger all or certain messages to be sent via RMail with automatic encryption, RPX AES encryption, certified e-delivery proof, or for recipient e-signoff.

“As technologies advance and threats get ever more sophisticated, encrypting email for privacy compliance is not getting simpler. In fact, it is getting more complicated,” states Steve Anderson, an insurance technology expert & LinkedIn influencer with more than 330 thousand followers.  “Not all TLS is created equal. Not all email one thinks is going by TLS, in fact is transmitted securely.” Learn more about pitfalls with TLS

Insurance agencies, for example, rely on RMail automatic encryption to detect the simplest secure transmission to each recipient, with each message returning auditable proof of privacy compliance. Now, agency administrators can simply click an option in a web tool to enable all messages to be sent via RMail encryption, whether sent from an agency management system or from their email service.

“RMail consistently makes email life easier for business people. Easy, secure, simple, automatic,” adds Anderson. “And, RMail Security Gateway is just another way that RPost does it. RMail Security Gateway is a great option for total encryption automation.”

RMail Security Gateway automates email security with advanced email encryption for privacy compliance, inbound and outbound threat protection, data loss prevention, and more. It includes proof of privacy compliance (GDPR, HIPAA, etc.), with email tracking, certified e-delivery proof, and e-sign productivity built-in. It is the simplest to use, most affordable full featured total security solution for email and documents; fully hosted, completely managed.

Read more about RMail Security Gateway in our PDF Guide.

“RMail SG furthers our mission to think of security in line with productivity. Services should make it easier to do business, all the while focusing on ensuring underlying security and compliance needs are covered,” states RPost CEO Zafar Khan.

Users report adding RMail SG to make it easy to send encrypted from mobile phones, by adding the word ‘encrypt’ to the subject – in particular in the legal sector. Others prefer to create rules to automatically send encrypted to certain recipients, based on message content, or when from certain senders, when privacy compliance is a concern.

RMail has been identified as a top choice for privacy compliance by leading organizations like the Association for Professional Compliance Consultants.

Interested in GDPR Compliance? Download the GDPR Privacy Compliance Guide Here.

Not All TLS is Created Equal

Many, many software service sales professionals throw around security phrases to make cyber security sound simple. Today, as technologies advance and threats get ever more sophisticated, encrypting email for privacy compliance is not getting simpler. The devil (hacker) is in the details.

Here, we will try to decipher, in simple terms, a commonly cited catch-all for security, TLS, and explain why the details are important. “Not all TLS is created equal. Not all email one thinks is going by TLS, in fact is transmitted securely,” remarks Steve Anderson, an insurance technology expert & LinkedIn influencer with more than 330 thousand followers.

First, what is TLS?

TLS stands for Transport Layer Security. In short, it is a means of encrypting communications between two participating devices. It is mainly used when you communicate from your web browser to a web server. It’s simple for the browser to flag “insecure” connections, pop up warnings, or refuse to display a page.

But, with email, there are more challenges.

Sure, if you log-in to Gmail via your Chrome browser, the connection from your device to the Google email server is secured this way.

But what about the email after you hit send, when it leaves Google’s Gmail server onward to the recipient?

This is where “Opportunistic TLS” may or may not be used. It is used with many major email providers (Microsoft Hosted Exchange Office 365, Gmail, etc.) by default.

Sounds secure, right? Maybe not.

Let’s first remind ourselves of the most important part of email for MOST users: that it gets to the intended recipient. Traditionally, whether it is seen “only” by that recipient has been an afterthought.

Enter Opportunistic TLS. Here, the sending server (Gmail in this example) first tries to send over a secure TLS email transmission (SMTP) if the “opportunity” presents itself; if it cannot send securely, it reverts to less secure or insecure transmission, automatically and invisibly.

Sounds pretty good; everyone receiving email surely has the same mindset, and will accept email from Gmail through a secure connection, right?

Wrong.

According to the Gmail transparency report, continuously updated as of today, 88 to 91% of inbound and outbound email to and from Gmail is sent using TLS. This means, typically, more than 10% is sent and received without any security. So, 1 in 10 messages you may send or receive via Gmail simply goes out without any security. This is likely similar with Office 365 hosted email.

You might think, well, 1 in 10 insecure isn’t bad. However, consider it could be far worse.

According to the above report, for many recipient email domains, like Charter.net in the USA, Bigpond in Australia, and Videotron via Bell in Canada, email between these domains and Gmail is never encrypted (0%), and with companies like Amazon, 57% is secured. What about the gazillion smaller companies out there? Do they have better security than Amazon?

And, it gets worse. Here is the big fallacy.

None of these transparency reports distinguish which of the many TLS connections use a version of TLS considered insecure. Generally, there are several versions of TLS with varying security: TLS 1.0, TLS 1.1, TLS 1.2, and now TLS 1.3.

Focusing on TLS 1.0, there are known risks, in particular the TLS downgrade attack. In short, a hacker can intercept the TLS 1.0 check preceding the server-to-server communication to trick the sending server into sending the message in an insecure manner. Security professionals have been trying to get IT administrators to upgrade from TLS 1.0 for more than a decade, but its use still persists en masse, and it typically accounts for more than 15% of all TLS email connections.

So, maybe you are at 10% sent insecure (no TLS) plus 15% sent with a version of TLS with known security issues. Now you have an issue with 25% of your email (1 in 4 emails), at the very least. If you communicate with customers in smaller companies or with individuals, the percentage is likely higher.
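To measure these two shares on your own mail rather than from a provider-wide report, the following added example (not part of the original article) classifies each `Received` hop of a message as cleartext, legacy TLS, or TLS 1.2+, and reports the weakest hop per message. The sample messages and host names are constructed, the header patterns it recognizes are common mail-server conventions assumed here, and counting TLS 1.1 as legacy alongside TLS 1.0 is this example's choice.

```python
import re
from collections import Counter
from email import message_from_string

# RFC 3848 "with" keywords: an S after the protocol (ESMTPS, ESMTPSA) marks a TLS hop.
WITH_RE = re.compile(r"\bwith\s+(?:E?SMTP|LMTP)(S?)A?\b", re.I)
# Version annotations as several mail servers write them:
# version=TLS1_2, using TLSv1.2, (TLS1.2). A bare "TLSv1" means TLS 1.0.
TLS_RE = re.compile(r"(?:version=|using\s+|\()TLS\s*v?(\d)(?:[._](\d))?")
# Ordered weakest first, so min() by index returns the weakest hop of a message.
RANK = ["cleartext", "tls_legacy", "tls_unknown_version", "tls_modern"]


def classify_hop(received: str) -> str:
    """Classify one Received header value by the protection it records."""
    m = TLS_RE.search(received)
    if m:
        version = (int(m.group(1)), int(m.group(2) or 0))
        return "tls_modern" if version >= (1, 2) else "tls_legacy"
    w = WITH_RE.search(received)
    return "tls_unknown_version" if w and w.group(1) else "cleartext"


def weakest_hop(raw_message: str) -> str:
    """A message is only as protected as its least protected hop."""
    # Only hops written by servers you operate are reliable evidence;
    # earlier Received lines are supplied by the sending side.
    hops = message_from_string(raw_message).get_all("Received") or []
    if not hops:
        return "cleartext"  # no record of protection is treated as unprotected
    return min((classify_hop(h) for h in hops), key=RANK.index)


def exposure(messages) -> dict:
    """Count messages per class and the share sent in the clear or over legacy TLS."""
    counts = Counter(weakest_hop(m) for m in messages)
    total = sum(counts.values())
    exposed = counts["cleartext"] + counts["tls_legacy"]
    return {"counts": dict(counts), "exposed_share": exposed / total if total else 0.0}


def _msg(*hops: str) -> str:
    return "".join(f"Received: {h}\n" for h in hops) + "Subject: constructed\n\nbody\n"


# Constructed sample messages (documentation host names and addresses).
DATE = "Mon, 03 Dec 2018 10:00:00 +0000"
SAMPLES = [
    _msg("from out.example.net (out.example.net [198.51.100.7]) by mx.example.com "
         f"with ESMTPS id a1 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384); {DATE}"),
    _msg("from legacy.example.org (legacy.example.org [203.0.113.9]) "
         "(using TLSv1 with cipher AES128-SHA (128/128 bits)) "
         f"by mx.example.com (Postfix) with ESMTPS id b2; {DATE}"),
    _msg("from plain.example.org (plain.example.org [203.0.113.20]) "
         f"by mx.example.com with ESMTP id c3; {DATE}"),
    # Two hops: the last one used TLS 1.2, the one before it did not use TLS at all.
    _msg("from edge.example.net (edge.example.net [198.51.100.30]) by mx.example.com "
         f"with ESMTPS id d4 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256); {DATE}",
         "from app.example.net (app.example.net [192.0.2.44]) "
         f"by edge.example.net with SMTP id d3; {DATE}"),
    _msg("from relay.example.org (relay.example.org [203.0.113.77]) "
         f"by mx.example.com with ESMTPS id e5; {DATE}"),
]

if __name__ == "__main__":
    print(exposure(SAMPLES))
```

A hop that records TLS but no version is reported separately, since a report that only counts "TLS yes or no" cannot tell it apart from a TLS 1.0 connection.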

The problem is, what to do?

Microsoft states in a 2018 blog post, while they will no longer support TLS 1.0, “this does not mean Office 365 will block TLS 1.0 and 1.1 connections. There is no official date for disabling or removing TLS 1.0 and 1.1 in the TLS service for customer [email] connections.”

And, remember, TLS 1.0 is considered non-compliant in some circles (e.g., the PCI financial compliance standard). What about for HIPAA? PII? NPI? GDPR privacy compliance? If there are known vulnerabilities with TLS 1.0, one would believe it may not be considered a “privacy compliant” means of transmission. Time will tell.

Bottom line:

  1. Microsoft Office 365, G-suite, and other “Opportunistic TLS” systems likely send at least 25% of email with no security or in an insecure, less than (privacy) compliant manner.
  2. There is no easy fix for these systems, as their option (which Microsoft points out is not desirable) would be to not deliver the email at all, which would cause chaos for senders and receivers. It appears, from their blog post, they prefer to deliver insecurely rather than not at all.

What to do: Opportunistic TLS with Auto-Fallback

Add to Gmail, Office 365, Zimbra, or any email system a simple-to-use service that, if no TLS is available or an insecure version of TLS is in place, automatically reverts to an alternative method of email transmission encryption, dynamically and without bothering or burdening sender or receiver.

“RMail consistently makes email life easier for business people. Easy, secure, simple, automatic,” adds Anderson. “And, RMail Security Gateway is just another way that RPost does it. RMail Security Gateway is a great option for total encryption automation.” (Join Steve Anderson’s December 12 webinar on this topic.)

Install RMail onto your existing email program or security gateway, as it has the simplest form of automatic encryption, using secure versions of TLS when available, and when not, reverting to AES 256-bit PDF encryption. The recipient either can view the message received securely right in their email program or view it in a PDF if required to maintain security and compliance.
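The transport decision behind such a fallback can be sketched with Python's standard `smtplib` and `ssl` modules. This is an added example, not RPost's code or part of the original article: it shows a sender that refuses both a missing STARTTLS offer and a TLS version below 1.2, and records the outcome per message. `negotiate`, `strict_context`, `Decision` and `FakePeer` are hypothetical names, `FakePeer` is a constructed stand-in for a live `smtplib.SMTP` session, and the message-level encryption used on fallback is outside the example.

```python
import smtplib
import ssl
from dataclasses import dataclass
from typing import Optional

ACCEPTED = {"TLSv1.2", "TLSv1.3"}  # strings returned by ssl.SSLSocket.version()


@dataclass
class Decision:
    """Per-message record of how the transport was protected."""
    peer: str
    transport: str              # "tls" or "fallback"
    tls_version: Optional[str]
    reason: str


def strict_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()            # verifies certificate and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # handshake fails against TLS 1.0/1.1-only peers
    return ctx


def negotiate(smtp, peer: str, ctx: ssl.SSLContext) -> Decision:
    """Decide the transport for one connected smtplib.SMTP-compatible session."""
    smtp.ehlo()
    # A missing STARTTLS keyword is a failure, never permission to send in the clear.
    if not smtp.has_extn("starttls"):
        return Decision(peer, "fallback", None, "STARTTLS not offered")
    try:
        smtp.starttls(context=ctx)
    except (ssl.SSLError, smtplib.SMTPException) as exc:
        return Decision(peer, "fallback", None, f"TLS refused: {exc}")
    smtp.ehlo()                    # capabilities must be re-read inside the tunnel
    version = smtp.sock.version()
    if version not in ACCEPTED:    # second check in case the context was loosened
        return Decision(peer, "fallback", version, "TLS version below policy")
    return Decision(peer, "tls", version, "negotiated")


class FakePeer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""

    def __init__(self, offers_starttls: bool, best_version: Optional[str]):
        self.offers_starttls = offers_starttls
        self.best_version = best_version
        self.sock = None

    def ehlo(self):
        return (250, b"ok")

    def has_extn(self, name):
        return name == "starttls" and self.offers_starttls

    def starttls(self, context):
        legacy = self.best_version in ("TLSv1", "TLSv1.1")
        if legacy and context.minimum_version >= ssl.TLSVersion.TLSv1_2:
            raise ssl.SSLError("unsupported protocol")
        self.sock = self           # version() below plays the role of SSLSocket.version()

    def version(self):
        return self.best_version


def demo():
    """Run the policy against three constructed peers."""
    ctx = strict_context()
    peers = {
        "mx.plain.example": FakePeer(False, None),        # no STARTTLS at all
        "mx.legacy.example": FakePeer(True, "TLSv1"),     # TLS 1.0 only
        "mx.modern.example": FakePeer(True, "TLSv1.3"),
    }
    return [negotiate(p, host, ctx) for host, p in peers.items()]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

With a live server, `smtp` would be a connected `smtplib.SMTP` object, and a `fallback` decision means the connection is closed and the message is handed to message-level encryption instead of being sent in the clear.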


CLICK HERE if you are interested in following RPost from an investor perspective through its investor relations emails and briefings.

To learn more visit www.rmail.com.

Your Spit is Your Real Government ID

The DHS is using Congress’ “Real ID” Act of 2005 to require all US states to issue new, more robust IDs for air travel originating in the United States (source).

Has the DHS missed the real opportunity, to consider today’s state of technology? There are already millions upon millions of dollars being spent to upgrade every citizen’s driver’s license to a “Real ID”. Why not, in the same process, associate each one’s retina scan, fingerprint, and DNA to their Real ID? Easy to do and the cost can simply be bundled into the driver’s license renewal fee or process.

Your DMV eye test could simply be adapted to additionally capture your retina image and fingerprint and you could spit into a cup to process your DNA. Or, skip the retina scan and fingerprint, and just wait for technology to be able to determine your retina image and fingerprint from your DNA.

This would really be a “Real ID”.

Maybe there is an even easier way. The Government could simply contract with 23andMe, Ancestry.com, and the others that you submit your spit to “learn about your roots”. These results could be submitted to the government and printed on the back of your Real ID; information gleaned from your DNA, like whether you are pure Homo Sapiens or an interbreed with Neanderthals (source).

Your Real ID could also include the famous Myers Briggs personality categorization, automated using algorithms that source data from your Facebook posts, Instagram photos, and Gmail correspondence.

So, your government Real ID (of the “near” future) could include your nice photo, plus your biological origins, and your personality (idealistic, caring, passionate, observant, loyal, etc.). Each of these factors could change the perception of others (insurance companies, tax collectors, etc.) of your risk, so they can more easily adapt their approaches, fees, audits based on who you really are (or who they perceive you are from your data).

Sounds good? According to Gartner Inc., a leading technology analyst, a top technology trend for 2019 will be for technology companies to work out how to manage what Gartner calls “Digital Ethics and Privacy”. What do users want stored and analyzed, and what do technology companies store, analyze and have rights to?

This opens a major debate that Tech Essentials predicts will be a topic for 2019 and beyond; in particular, as users knowingly or unknowingly are providing their DNA or personality DNA to technology providers (and their uncapped list of consultants and contractors) every day. For a decade, people have been sharing all of their personal information with their friends (and those friends’ friends…and Facebook app developers, and the companies designing apps to scrape user information for their business purposes).

Today, companies have even more powerful information, that people interested in understanding their heritage are handing to them for them to sell and monetize (source: 23andMe opens DNA data to pharma companies).

23andMe Terms and Conditions: By choosing to have 23andMe store either your saliva sample or DNA extracted from your saliva, you are consenting to having 23andMe and its contractors access and analyze your stored sample, using the same or more advanced technologies.

New technologies and the potential of “Real ID” programs have greater potential to mishandle your most sensitive private data, far more so than Facebook has done. And, “biobanking” of your DNA provides data on you that is far harder to change than deleting photos from your Facebook or Instagram account.

While it is difficult to enjoy living in today’s modern society and remain “off-the-grid”, you might consider how much information you let big tech siphon off, use, share, and sell. Tech Essentials believes there will be a larger minority of users of technology that begin to become more aware of this eavesdropping overreach, and an even smaller minority that choose to change their behavior as a result.

If you are part of this small minority who cares not to share everything with big tech and their unknown “affiliates and contractors”, Tech Essentials recommends four simple ways to change some of your behavior.

  1. Don’t submit your spit for DNA analysis (at least without carefully considering who will forever know your inner self being).
  2. Don’t take online personality surveys shared via Facebook and social media. They are simply gathering more data on you for the purpose of building their fortunes at the expense of your privacy.
  3. Do consider encrypting your sensitive email — importantly, choose the type of email encryption that suits the need based on the content you send. RMail’s RPX encryption is the only simple-to-use end-to-end encryption service. Microsoft Office 365, Gmail, basic TLS don’t get you there. Some messages may need simple security for compliance, while others may need to remain private from the eavesdropping facilitated by big technology platforms that gather as much information as possible on people and their behaviors. RMail Registered Email service has a toggle to switch between these needs in its encryption options.
  4. Consider using an off-the-grid messaging network for communications among your most trusted family members, friends, and business partners. Tech Essentials recommends the most secure service, with perfect anonymity. Read more about OTP one-time pad quantum secure messaging network.

For special access to get started using Registered Email or RMail email encryption services at no cost, CLICK HERE.

Gartner Tech Trends 2019 & RPost NYC Cybersecurity Investment Conference

With a foundation of security, compliance and productivity services centered around business communications, RPost continues to enhance its core software service offerings, while building for the next generation user and IT administrator experience. Gartner’s recently published top 10 technology trends for 2019 is a useful guide to assess a company’s DNA for innovation. RPost’s product roadmap and continuous evolution have anticipated some of these trends.

RPost has been identified as a technology cybersecurity innovator, invited to speak at the largest gathering of public and private sector technology security executives and the technology investment community, in New York City — the Imperial Capital 15th Annual Cybersecurity Investment conference. In RPost’s presentation session, scheduled for December 12, RPost’s CEO will preview what is hot today, within RPost’s product set, and how these products are evolving to meet the next technology trends. (Click to review conference)

RPost Maps to Gartner Trends “Digital Ethics and Privacy” and “Quantum Computing”
RPost is evolving core secure messaging and privacy products to empower companies and users, considering today’s need to not only operate in a (privacy) compliant manner, but to identify which communications need secrecy and perhaps anonymity. Some messages may need simple security for compliance, while others may need to remain private from the eavesdropping facilitated by big technology platforms that gather as much information as possible on people and their behaviors. RMail Registered Email service, with various encryption options, RMail Security Gateway with more automation options, and RPost’s OTP one-time pad quantum secure messaging network are each positioned to inspire RPost customers to evolve their thinking and use of cyber security messaging services, based on their particular needs, which may change on a message-by-message basis.

RPost Maps to Gartner Trend “Augmented Analytics”
RPost’s core Registered Email patented technologies relate to analytics around electronic communications. Born within its Registered Email e-delivery tracking and proof services, RPost has and continues to extend the visibility into what is happening related to high value messages within a customer and the ecosystem of contacts, either in aggregate or on a message-level basis. The natural evolution of the Registered Email service is to use what Gartner terms as augmented analytics, to provide the most valuable insights to the variety of stakeholders within a customer company (end users, supervisors, technology administrators, general managers, etc.) based on the role of the person and their business function (sales, human resources, IT, compliance, legal, business process operations, etc.). This truly provides an enhanced experience, building on RPost’s core electronic messaging patented tracking technologies.

RPost Maps to Gartner Trend “Blockchain”
RPost’s core evidence records, its Registered Receipt forensic email delivery tracking and proof and its Digital Seal sender and sent content authentication, are built on the underlying technologies used in blockchain. As these RPost technologies become ubiquitous, RPost has the ability to extend its digital authentication and non-repudiation technologies using blockchain, for those customers that see an advantage in propagating the authentication elements of their communications distributed across the Internet.

While RPost’s core RMail Registered Email e-delivery proof, email encryption, email imposter protection, secure file sharing, and RSign e-signature products are most often installed for business executives inside Microsoft Outlook, Gmail, Zimbra, and CRM platforms, the future of RPost’s product platforms, and the success for RPost’s customers, is an RPost product set that considers the entire product experience for its customers. This is the roadmap of RPost’s continuous product evolution.

Read more about Gartner Inc. trends for 2019

RPost European Distributor Adds its 1000th New RMail Corporate Customer, RSign Next

RPost’s Swiss-based distributor, Frama Communications, has added its one thousandth new RMail corporate customer in countries including the United Kingdom, The Netherlands, Germany, Denmark, Sweden, Switzerland, France and Italy. Frama now launches RSign, RPost’s advanced web-based e-signature platform.

“We have seen the pace of new customer orders in Europe accelerate since Europe’s new privacy and e-communications regulations came into effect in May,” states RPost CEO Zafar Khan. Frama has added customers across industry verticals, from health care providers in Denmark and financial services firms in the UK to insurance companies in Italy (read customer case studies). “We believe this milestone is a momentum point for Frama, proving their pan-European sales teams are in their comfort zone bringing RMail to customers; and now, RSign”.

RSign® is a simple to use, full featured, web-based e-signature service that makes it easy for signers to complete and sign documents electronically using any web browser, in an intuitive, guided signing process. RSign includes reminders & notification automation and rules, real-time delivery and signoff audit trail and history, as well as encryption, templates, advanced form features, signer authentication, and more.

“With RSign, Frama continues to drive its digital transformation initiative using RPost technologies as the transformation catalyst, helping companies master their digital business. RSign follows three basic principles: Simplicity, Flexibility and Efficiency. Feedback from the market has been exceptional,” states Volker Sommerfeld, Product Manager from Frama Communications. “For the purposes of GDPR data privacy compliance related to e-mail, e-document delivery, and e-signing systems, RMail® and RSign® are ideal solutions.”

 

Email Security Beyond the Soundbite

The ubiquity of smart phones and their apps has reduced the attention span of the masses. People now expect their information in big fonts, nice colors, and pretty pictures.

In the tech world, while many services have features that are now described in simple sound bites, it is often the details that make one product work for a customer need; or work better than similar sounding alternatives. And, with heightened awareness of email security needs, choosing your security solutions by sound bite has its pitfalls.

Following are two situations that tripped up some of our Tech Essentials readers: 

Mass Email Challenge: Large County Government Agency with Requirement to Track Delivery of Tax Notices. In Virginia, an agency needed to send hundreds of thousands of tax notices annually. To manage the process, they attempted to use an email marketing platform to send and track delivery of these electronic messages. In the end, it didn’t work. Sure, the messages appeared to have been sent, and some even included open detection reports; but they soon realized that up to 35% of the messages were disappearing. Recipients simply claimed not to have received the messages. The last straw came when they realized that mainstream email security scanners now had bots that were triggering the opt-out links placed in these emails by the email system, which rendered many of the recipients unable to be sent to.

Best Practice: This government agency realized they needed a better way. They switched to sending these important notices using the RMail Registered Email™ service — for use when each email delivery record needs to be relied upon. The Registered Email™ service is the worldwide standard for legal and verifiable proof of email delivery, content and timestamp, returning a self-authenticating and court-admissible Registered Receipt™ record for every message sent. Organizations like the United Nations, US Federal Government, telecom carriers, pharmaceutical companies, and insurance, investment, and legal advisors have relied upon this service for more than a decade. It is not susceptible to the many, many issues uncovered when users try to send important business communications using email CRM sales and marketing systems where each message sent is often not mission critical. Sure, a newsletter gone missing might be a missed marketing impression, but a price change notice gone missing can have big financial ramifications for the sender.


Email Privacy Compliance Challenge: Insurance Broker Misunderstands “Office 365 Secure Email”. Secure email is now a common term. But what it really means depends on who is using the term. And many don’t take the time to consider the context. Secure email may mean protecting from email-borne threats like spam, phishing, and viruses. It could mean transmitting a message in a more secure manner, using a secure connection. It may mean sending a link for a recipient to retrieve a message or file through a secure website. Or, it could mean encrypting the message itself and delivering the message as an encrypted package. Well, if you are like the insurance broker staff trying to decipher all of this, your eyes are now glazing over. Hey, doesn’t secure email simply mean email that is secure, protecting everyone from everything? Unfortunately, not always. This insurance broker relied on Office 365 secure email to send personally identifiable and private health information. They assumed it just worked, and sure, sometimes the messages were delivered through a secure connection, but sometimes they were not. They had no way to distinguish. Without being able to verify which messages, after the fact, were sent in a private manner, they fell short during their data privacy compliance audit.

Best Practice: Secure email means many things, each of which is important in today’s technology environment for different reasons. The insurance broker mentioned above (and other businesses) need not only secure email systems to protect against common email-borne threats, but also specialized email encryption services that provide simple-to-use methods to send email encrypted. A best practice for regulated companies is to choose an email encryption service that also provides an auditable record, on a message-by-message basis, of the fact of encrypted delivery. This is what protects in case of a data privacy audit or accusation of a data breach. Office 365 does not do this, nor do most secure sounding services in the market. RMail’s Registered Email service with RMail encryption provides this for Microsoft Outlook, Gmail, and Zimbra users; and can be set for automated sending from business systems (ERP, CRM, BPM).


Congratulations… if you got to the end, you are not one of those with the reduced attention span caused by over-exposure to mobile devices. You don’t only rely on what you can read in three words, big fonts, nice colors, and pretty pictures.

RPost Email Security Now Built Into Acturis, Leading the UK Insurance Market

Acturis has Embedded RMail Email Encryption, E-Sign, and Registered Email E-Delivery Proof as Features Inside its Market Leading Insurance Management Platform, Simplifying GDPR Compliance

London, England – 14 November 2018 – RPost announces release of RMail email encryption, security, and compliance services, now available from within Acturis’ insurance management platform. Adding RMail into Acturis simplifies GDPR compliance for email privacy, adds Registered Email certified e-delivery proof for insurance notifications, and embeds e-signatures for insurance policy and claims processes. Acturis is the leading insurance management platform in the United Kingdom. RMail was identified as the top choice by the UK-based Association of Professional Compliance Consultants (APCC) for email privacy for GDPR compliance and awarded Germany’s Mittelstand award for innovation 2018.

“Acturis’ choice to add RPost into their application demonstrates the importance of RPost’s RMail services, considering today’s heightened awareness of security, compliance, and interest in using technology as a catalyst to improve business operations,” says RPost CEO Zafar Khan. “With customers in common, this integration also evidences Acturis’ ongoing commitment to improving the overall product experience for customers.” According to Acturis, the Acturis platform is the leading software service to the General Insurance Industry in the United Kingdom, with customers including Allianz, AXA, AVIVA, Chubb, and many others.

The integration between Acturis and RPost allows emails to be sent via RMail from within the Acturis application and improves the process of uploading an email sent via RMail to Acturis. Further, a new “Send Registered and Upload” button has been added to the Acturis Outlook Plugin to allow emails to be sent via RMail from Microsoft Outlook and Office 365, with automatic uploading to the Acturis application. RPost functionality is part of Acturis Release 7.4.1. Read more about the product integration.

“Considering GDPR, the new European privacy compliance regulations, the timing is perfect,” adds Khan.

GDPR requires the handler of consumer non-public and personal information to maintain not only privacy of that information, but also the ability to demonstrate compliance with the privacy requirements. These requirements are discussed in detail in GDPR Article 5 Clause 1(f) and 2, and Article 32 Clause 1(a) and 1(d), which focus on the requirement to protect personal data during transmission with the ability to demonstrate fact of protection of personal data. The RMail® Registered Receipt™ record provides this auditable proof of GDPR email privacy compliance, on a message-by-message basis.

The Association of Professional Compliance Consultants prepared a GDPR Technology Guide for email privacy, considering GDPR requirements. The Guide identifies RMail as top choice for GDPR email technology. “This paper marks a significant contribution to the GDPR compliance debate, by providing a robust assessment of the concerns and a powerful methodology to guide practical compliance.  It also offers useful parameters that an organization should consider in its selection of an appropriate solution and a perspective on several of the leading offerings,” remarks Nick Hawke, Chief Executive Officer, Association of Professional Compliance Consultants, in the foreword of the report.

“For the purposes of GDPR data privacy compliance related to e-mail, e-document delivery, and e-signing systems, RMail® and its related e-signature and digital forms services are an ideal solution,” states Volker Sommerfeld, Product Manager from Frama Communications. “RMail is the professional solution for secure email that everyone can use. RMail ticks all of the boxes, easy to manage, simple to deploy and is very elegant.”

About RPost: RPost is a leading cybersecurity company providing email security, compliance, and productivity services to more than 25 million users worldwide over more than a decade. RPost has set the global standard for secure and certified electronic communications, with more than 50 patents granted on its core Registered Email™ technologies, used worldwide to track and prove email delivery, encrypt email, protect from imposter email, secure large file transfers, and manage e-signature transactions. Recipient of the World Mail Award for Best in Security, Best Innovation in IT Award in Germany, and voted Top Choice for GDPR Email Data Privacy Compliance, RPost services are in use in nearly every country in the world, within Global Fortune 500 companies, and endorsed by the most influential industry associations.


Sending RMail Registered Email™ with Acturis.

Sending RMail Registered Email™ in Acturis
Sending RMail Registered Email™ and Upload Button

Whaling is Flourishing, a $5 Billion Hacker Lottery

Harpooning whales is (in most of the world) a thing of the past. This is good for the kind-hearted. But in the cyber world, harpooning “whales” is a thriving and fantastically profitable criminal profession.

Who is doing the whaling? Sophisticated hackers start by purchasing your information from marketing companies and LinkedIn recruiter tools. They use basic automation tools to lure “whales” into replying to an email that has no links and looks like a normal short message sent among business staff. Because there are no links to click, and these emails don’t call for any immediate action, this is a far more advanced form of the traditional “spear phishing” cyber lure. In a whaling cybercrime, someone on your staff receives and responds to these simple-looking emails, which, in many cases, end with a new (fake) vendor being added to payment systems, an existing vendor having payment information changed by staff in a payment system to an imposter address or account, or staff unknowingly sending a one-time payment for an important “urgent” matter right to the cybercriminal.

Who are the whales? YOU. (You, if you or your peers and staff have the ability to pay an invoice — or ask someone to pay an invoice; or if you are in control of payment, human resource and/or payroll data).

In 2016, RPost developed the first anti-whaling detection service, which runs inside Microsoft Outlook when the RMail email security add-in is installed. The anti-whaling technology is enabled by default at no extra cost. At that time, the FBI reported $1 billion lost in the United States alone, from people mis-wiring or mistakenly paying invoices arranged by the cyber criminals. Recently, the SEC reported a more than 500% increase in lost money — astonishingly, now more than $5 billion has been “mis-wired”, normally never to be recovered.

When people see big numbers, “billions”, sometimes their eyes glaze over and they think they are not at risk. Consider, however, that in this situation, the FBI reports that these crimes (which they call Business Email Compromise) cause people to lose their money in average increments of $6,000 for individuals and $130,000 for businesses, with each incident. This is real money for most people. For most small businesses, this can certainly strain budgets.

Now consider some of the great big blue whales recently harpooned by these cyber lures. The SEC conducted their recent study looking at actual incidents in public companies, and considered whether, in addition to the financial losses, the executives of the tricked companies could be held accountable for a securities law violation for not implementing sound practices effective enough to protect from these lures.

The SEC profiled nine public companies that mistakenly sent at least $1 million each; two sent more than $30 million to the cybercriminal directly. In total, the nine companies “mis-wired” nearly $100 million to the perpetrators, almost all of which, they report, was never recovered.

What is scary is that these cyber criminals are so bold that once they get their first harpoon in, they keep harpooning the same whale, over and over. Some of these investigated companies were victims of protracted schemes that were only uncovered as a result of third-party actions, such as through detection by a foreign bank or law enforcement agency, according to the SEC report. “Indeed, one company made 14 wire payments requested by the fake executive over the course of several weeks—resulting in over $45 million in losses—before the fraud was uncovered by an alert from a foreign bank. Another of the issuers paid eight invoices totaling $1.5 million over several months in response to a vendor’s manipulated electronic documentation for a banking change; the fraud was only discovered when the real vendor complained about past due invoices.”

What makes this so lucrative — like a “hacker lottery” with many million-dollar winners — is that there is no simple all-in-one fix. Email security gateway services may provide some protection, but they cannot block the most common lures that only RMail’s Microsoft Outlook app detects.

One simple measure that every business executive should require, to add essential protection and peace of mind, is to install the RMail for Outlook app. There is no cost to use the RMail for Outlook app for any staff to have the anti-whaling detection running. Install it for all accounting, finance and human resource staff at the very least — why take the risk? There is only a small cost if users choose to additionally use the RMail email encryption, e-signature, and Registered Email e-delivery proof service. You can install the free RMail for Outlook with RMail’s Anti-Whaling technology enabled now and protect your organization from whaling attacks.

Those who would like to read more should review the thorough SEC report and the RPost Tech Essentials past blog and video discussing anti-whaling in more detail.

RPost Customizes for the Title Insurance Sector, adding Email Encryption and Registered Email e-Delivery Proof Services to ResWare

Heightened need for email security, compliance, and TRID proof of e-delivery of notifications fuels demand for RPost-ResWare integration.

Los Angeles, CA – 12 September 2018 – RPost, a leader in email cybersecurity software services, and Adeptive Software, a leader in title insurance management automation with its ResWare® production platform, announce the availability of RPost’s email security, compliance, and productivity services within ResWare. RPost® services are a logical extension for ResWare as they add RPost’s award-winning RMail® email encryption and Registered Email™ certified e-delivery proof into workflows for title and escrow professionals.

“We saw an obvious benefit to being able to send encrypted messages within ResWare, using RMail,” adds George T. Holler, Esq. of Holler Law Firm, a ResWare user. “We were impressed with the simplicity of the user experience with RMail; with the all-in-one aspect of the RMail solution providing an elegant experience and economical approach.”

“The inspiration for integrating RMail service into ResWare came from ResWare’s title insurance sector users. Together, we have taken the security and TRID compliance aspects of RPost’s RMail® services and embedded them as part of the workflow within ResWare,” adds RPost CEO Zafar Khan.

RPost’s main products accessible in ResWare starting in version 9.4 include:

  • RMail email encryption with auditable proof of compliance with data privacy regulations.
  • Registered Email e-delivery proof, which returns a Registered Receipt™ for every message sent, providing and proving e-delivery details, data privacy, and TRID compliance. The receipt is automatically routed to, and stored within, ResWare.

From a compliance perspective, the RMail services evidence the emailed date of delivery of TRID disclosures for purposes of §1026.25(c), including proof of delivery of emailed initial or revised Loan Estimates and Closing Disclosures. The Registered Receipt record enables creditors to satisfy record retention requirements under the TRID rule with respect to the disclosures.

“The Registered Receipt email has the capability to authenticate and accurately reproduce the original email and attachments, including any attached disclosures, which satisfies the E-Sign Act’s retention and accurate reproduction requirements. Thus, the Registered Receipt email should generally enable creditors to satisfy the record retention requirements under the TRID rule with respect to the disclosures,” opines Richard Horn in the Richard Horn Legal PLLC memorandum on RPost compliance with TRID delivery requirements.

The Real Estate Services Providers Council® (RESPRO®) published a Cyber Security and Compliance Buyer’s Guide to help residential real estate operators manage risks associated with data breaches, consumer information privacy, and compliance with TRID notice and consent rules. The RESPRO Buyer’s Guide identified RMail encryption as its top pick considering a number of factors. RMail encryption is the only service that provides evidence of encrypted delivery of email and attachments and returns audit-ready records in case of a compliance audit or an accusation of non-compliance related to the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act, or other privacy regulations.

Contact RPost to schedule a meeting or to download the ResWare documentation on adding RMail, at https://www.rmail.com/resware.

ResWare Email Template User Interface with RMail Options
ResWare Email Template

About RPost: RPost is a leading cybersecurity company providing email security, compliance, and productivity services to more than 25 million users worldwide over more than a decade. RPost has set the global standard for secure and certified electronic communications, with more than 50 patents granted on its core Registered Email™ technologies, used worldwide to track and prove email delivery, encrypt email, protect from imposter email, secure large file transfers, and manage e-signature transactions. Recipient of the World Mail Award for Best in Security and voted Top Choice for GDPR Email Data Privacy Compliance, RPost services are in use in nearly every country in the world, within Global Fortune 500 companies, and endorsed by the most influential industry associations.

About Adeptive Software: Independently-owned and operated, Adeptive Software was founded in 2003 and develops the industry-leading ResWare title and escrow production platform. ResWare is a sophisticated, yet flexible solution providing smart automation, configurability, and partner integrations that enable clients to be more productive, efficient, and adaptable. ResWare, along with the expertise of the Adeptive staff, empowers organizations to grow their top line, manage their bottom line, enhance customer offerings, and thus transform their business overall.